predefined shares security and setup questions


Recommended Posts

Good morning, all.

 

New (obviously) user coming from a Synology to unRAID. I've got a base install done and went through a few setups of plugins (CA, some Dynamix, Nerd Tools, Preclear, Fix Common Problems, Unassigned Devices). I got the array setup (though not sure if correct yet), and was browsing to the tower via a windows desktop and saw the 4 pre-defined shares: appdata, domains, isos, system. I also see the flash shares.

 

My questions now are:

should these be cache only? Should I make them all private or secured security setting? Maybe it's just being overly picky, but I would prefer that anybody looking at the tower on the network only sees the actual shares I think they should see: media, movies, tv shows, photos, games, etc.).

 

I have plenty of data disk storage (at least for now. :) ) and currently 1 500GB Samsung SSD cache disk (which I had hoped to use as VM cache only storage as well. I understand now I probably want to get a 2nd cache disk for that pool so there's some fault tolerance.

 

Was on a trial key, but went ahead and just purchased the Pro license.

 

 

Link to comment

... and was browsing to the tower via a windows desktop and saw the 4 pre-defined shares: appdata, domains, isos, system. I also see the flash shares.

 

I think he brings up a good point though.  I suspect this was an oversight when these system shares were setup.  No shares should default to public, except the flash share.  They should only be exposed by the user afterward, with the hope that the user has considered the risks.  Actually, I think this applies to ALL new shares and users, they should all default to Private.

 

I am thinking this thread should perhaps move to the Security board or the Defects board.

Link to comment

... and was browsing to the tower via a windows desktop and saw the 4 pre-defined shares: appdata, domains, isos, system. I also see the flash shares.

 

I think he brings up a good point though.  I suspect this was an oversight when these system shares were setup.  No shares should default to public, except the flash share.  They should only be exposed by the user afterward, with the hope that the user has considered the risks.  Actually, I think this applies to ALL new shares and users, they should all default to Private.

 

I am thinking this thread should perhaps move to the Security board or the Defects board.

They have to default to public, because secure and private both require users to be set up for r/w access which is not a prerequisite for unRaid. 
Link to comment

The predefined shares have been created to facilitate ease of configuration for Docker and VM's (libvirt).

 

If you enable Docker, then 'system' and 'appdata' will be automatically created if necessary.

 

If you enable VM's, then 'system', 'domains' and 'isos' will be automatically created if necessary.

 

If you never enable Docker or VM's those shares will not get created.  Those share are created as "public" but not exported by default.

 

The only share exported in a new install is the 'flash' share which exposes the contents of the USB boot flash.  This is done to facilitate backup and make it easier to copy a registration key file, though these days key files are downloaded.  In addition it serves as an indication that a new server is on-line.  In an untrusted network, the 'flash' share export setting and/or security mode should probably be changed.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.